97ea033f7a8d8b2b3d3086f5717581b68ad50d44e5ee5a0ec804527ddb3c59f5

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25898cf612db04f1cb0923c04e1a234a.html
Size

2KB
MD5

25898cf612db04f1cb0923c04e1a234a
SHA1

d700b4693e7a766bca82c0b9f3620419783df7eb
SHA256

97ea033f7a8d8b2b3d3086f5717581b68ad50d44e5ee5a0ec804527ddb3c59f5
SHA512

ec4cbb97135a2179cbf33d08f75f04f62c768ebb44d04926edc2954a3d9c0bb0542ab139b90bea7b15e43eecef4666316eaa99fadfaaa0f0a71776e142564440

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b9b63e193dda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000094b5b50fea86b4bcb59c607de32f6164a8a54d5bcb049e835affc9abb5e922c5000000000e8000000002000020000000129c7018a1fb2bb2a6dd6d32011fb29aa1901ecd2bedd529b7eff80fc5adfa9c900000008979858367528aa45a3c19d9f3e23d02c253836c1b315a6e1bf049625c8d50a4d84e1fc5e989c33542d5a12a2b798ce3af4b2c4faab21cf4e2fb12f89793e1663f95264fa9c0629c3db0caf1f7115f5bd035fd80cc002c7ff34a98b3765bc95d637fd2689cb085df496e00e69e976e40e3c153459006a6e9fb349dad547aee9b922fd4575b41db1ca30155ceda60b591400000007d3da1e5e1db3e9c75bb5af588167327972ee53c1e9ebdb185a033b44f4128537d3c4195515c0357a50f7465233759d84920e713162c063f2f4b1e0ff45e0475	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410320000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6A4D7961-A90C-11EE-B432-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000076a4fcbe17ee477f7feb36f80e6f68afd2eea0dba760fadedf355860ceace8f6000000000e80000000020000200000009ac5365c38dbdc3afeec8573ab6966e8025eb3b67665c13773b2c9f12bf3fd392000000034a5d3c31585ed1e3db734931333a48176d7eb6ac854c31d52aebd63aa3ae1e8400000007fcd13886c1a3dd53004849bab811573944d8fe40718a2c0464a74d1e1d7ee920cb94e393e52122d6bf35e6af2e820c9cf9e65aa11ddbf54bd48431105e62113	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2136	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2136	iexplore.exe
2136	iexplore.exe
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1940	2136	iexplore.exe	17
PID 2136 wrote to memory of 1940	2136	iexplore.exe	17
PID 2136 wrote to memory of 1940	2136	iexplore.exe	17
PID 2136 wrote to memory of 1940	2136	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\25898cf612db04f1cb0923c04e1a234a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b9a4d4535a8f8fb43ad38f93699dbd4

SHA1
7e59db437db6954fc3ed3b3e1b8ef0db12615f9f

SHA256
6e82bc95a1674c2433568518730bcedd0cb3643080a96d8155e8398e687783c6

SHA512
1f098635cf95972efbba7eb0efe8a7cb54f365f2be15b811b150ba7e37d8daf59e0d032f4dc040dfdf0aa760994f21b88a81a49fddd752c8c1065617ef87997e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8fda730ea0457422a6a4a8022fee6f7

SHA1
a2d7020aefbbbaada653b749f436631c98ff23a6

SHA256
1b0c294c496fc15d162b62af9ad8dc548dfb7a581b7d5ad498d0b9927dd9ceac

SHA512
302cda15a1cd37b09532ae8cb4021b28ba85cabc876deb61871907460c3139a15f582f6f07d742bb4e35a28b12c2af88692d304103b3acd88359d2fbe666e18f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddec1153ddce47ad8540d533af2e410b

SHA1
d3bd23b3b2b49d8e26d42f20c9a730d683183ae4

SHA256
89ea7ac44819cedf1f70e0cbf3eb26ebc84ddee46820d47a15cff50a17233ba0

SHA512
cdc8531237a47cc0eacef545e809d3e47c1a45625ed25d56c0454db0f8339186e8499af436ed2c2aa7423e731fbbc357fd303cea97b082d2d0efd36786d526dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b6788cec56313a902ef7e678f756296

SHA1
a4976f848b0df2293c84cdd8b705c2a4f52e6885

SHA256
bba825abf183909ba745af9897a7354e0b10f77c1e0ff0787d03982695dc78a6

SHA512
e3d228bb6459b48fe629e89826a4a625e74a83908631e464a479d76ebbe5e5b10357cba6226e950c381a6f98eca9668399282d8b934f4369f4e81715c9efa219

Download Submit